[Touch-packages] [Bug 1713457] Re: DNS search domain not removed from resolv.conf on disconnect
So this has occurred again: = ~$ nmcli -f IP4.ADDRESS,IP4.DOMAIN dev show IP4.ADDRESS[1]: 10.0.0.156/24 IP4.DOMAIN[1]: hsd1.ma.comcast.net IP4.ADDRESS[1]: 127.0.0.1/8 ~$ cat /run/resolvconf/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.53 search hsd1.ma.comcast.net utopia.net mit.edu = Note the extra entries in the 'search' line of resolv.conf—these were from networks I was recently connected to. ** Also affects: network-manager via https://bugzilla.gnome.org/show_bug.cgi?id=712818 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1713457 Title: DNS search domain not removed from resolv.conf on disconnect Status in NetworkManager: Unknown Status in network-manager package in Ubuntu: Confirmed Status in resolvconf package in Ubuntu: Confirmed Bug description: When I connect to a wireless network that sets a DNS search domain name via DHCP, the line 'search ' is added to /etc/resolv.conf as expected. But if I then disconnect and connect to a different network, it is not removed from resolv.conf. If the second network also sets a search domain name, that one gets appended to resolv.conf along with the first one, and so on. Depending on the network, this can cause DNS leaks, name resolution failures, or other misbehavior. To be sure this wasn't some kind of user configuration issue, I reproduced this on the artful daily live image (artful-desktop- amd64.iso, 2017-08-27), from which I'm writing this report. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: network-manager 1.8.2-1ubuntu3 ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5 Uname: Linux 4.12.0-11-generic x86_64 ApportVersion: 2.20.6-0ubuntu7 Architecture: amd64 CasperVersion: 1.384 CurrentDesktop: ubuntu:GNOME Date: Mon Aug 28 10:34:22 2017 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IpRoute: default via 172.20.20.1 dev wlp3s0 proto static metric 600 169.254.0.0/16 dev wlp3s0 scope link metric 1000 172.20.20.0/24 dev wlp3s0 proto kernel scope link src 172.20.20.20 metric 600 LiveMediaBuild: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170827) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-dev: DEVICE TYPE STATEDBUS-PATH CONNECTION CON-UUID CON-PATH wlp3s0 wifi connected/org/freedesktop/NetworkManager/Devices/3 xfinitywifi 39ffbbfc-1c1e-41c9-b3eb-c513065c3ea6 /org/freedesktop/NetworkManager/ActiveConnection/2 enp0s31f6 ethernet unavailable /org/freedesktop/NetworkManager/Devices/2 -- ---- lo loopback unmanaged/org/freedesktop/NetworkManager/Devices/1 -- ---- nmcli-nm: RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN running 1.8.2connected started full enabled enabled enabled enabled enabled To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/1713457/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1730536] Re: "Unable to open external link" in Evince when google-chrome-unstable is the default browser
I can confirm that the changes from that merge request, when manually applied on my system, fix the problem. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1730536 Title: "Unable to open external link" in Evince when google-chrome-unstable is the default browser Status in AppArmor: Confirmed Status in apparmor package in Ubuntu: Confirmed Status in apparmor package in Debian: Confirmed Bug description: TO REPRODUCE: I attempt to open a URL from a PDF document in Evince. EXPECTED: The browser opens the URL. OBSERVED: I'm shown an error message: Unable to open external link Failed to execute child process “/usr/bin/google-chrome-unstable” (Permission denied) journalctl shows: Nov 06 19:19:18 khaeru-laptop audit[22110]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Nov 06 19:19:18 khaeru-laptop kernel: audit: type=1400 audit(1510013958.773:590): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 EXTRA INFORMATION: - As the messages imply, I'm using Google Chrome "unstable". - The file /usr/bin/google-chrome-unstable …is symlinked to: /opt/google/chrome-unstable/google-chrome-unstable - I note that previous bugs, eg. bug #964510, resulted in lines being added to /etc/apparmor.d/abstractions/ubuntu-helpers that refer to paths in /opt/google/chrome/. This directory does not exist on my system. $ lsb_release -rd && apt-cache policy apparmor evince google-chrome-unstable Description:Ubuntu 17.10 Release:17.10 apparmor: Installed: 2.11.0-2ubuntu17 Candidate: 2.11.0-2ubuntu17 Version table: *** 2.11.0-2ubuntu17 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 100 /var/lib/dpkg/status evince: Installed: 3.26.0-1 Candidate: 3.26.0-1 Version table: *** 3.26.0-1 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 100 /var/lib/dpkg/status google-chrome-unstable: Installed: 64.0.3251.0-1 Candidate: 64.0.3253.3-1 Version table: 64.0.3253.3-1 500 500 http://dl.google.com/linux/chrome/deb stable/main amd64 Packages *** 64.0.3251.0-1 100 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: apparmor 2.11.0-2ubuntu17 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Nov 6 19:20:34 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-10-11 (26 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.13.0-16-generic.efi.signed root=UUID=39ca3c53-0313-4699-a5da-403522e2ff14 ro quiet splash vt.handoff=7 SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to artful on 2017-10-19 (18 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1730536/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1713457] Re: DNS search domain not removed from resolv.conf on disconnect
Is this reported upstream? Could be one of: https://bugzilla.gnome.org/show_bug.cgi?id=712818 https://bugzilla.gnome.org/show_bug.cgi?id=778004 https://bugzilla.gnome.org/show_bug.cgi?id=782469 I notice per the first one that "nmcli dev show" (not "… list", the report is old and I guess the semantics of nmcli have changed) will show me the search domain when I'm connected to a network that sets it: = $ nmcli -f IP4.ADDRESS,IP4.DOMAIN dev show IP4.ADDRESS[1]: 18.142.15.92/16 IP4.DOMAIN[1]: mit.edu IP4.ADDRESS[1]: 18.189.91.11/19 IP4.DOMAIN[1]: mit.edu IP4.ADDRESS[1]: 127.0.0.1/8 = So I guess if I try this the next time this bug crops up and nmcli disagrees with the contents of resolv.conf, I will mark the first URL as the upstream bug. Or if someone who understands this better wants to open a new upstream bug, please go ahead. ** Bug watch added: GNOME Bug Tracker #712818 https://bugzilla.gnome.org/show_bug.cgi?id=712818 ** Bug watch added: GNOME Bug Tracker #778004 https://bugzilla.gnome.org/show_bug.cgi?id=778004 ** Bug watch added: GNOME Bug Tracker #782469 https://bugzilla.gnome.org/show_bug.cgi?id=782469 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1713457 Title: DNS search domain not removed from resolv.conf on disconnect Status in network-manager package in Ubuntu: Confirmed Status in resolvconf package in Ubuntu: Confirmed Bug description: When I connect to a wireless network that sets a DNS search domain name via DHCP, the line 'search ' is added to /etc/resolv.conf as expected. But if I then disconnect and connect to a different network, it is not removed from resolv.conf. If the second network also sets a search domain name, that one gets appended to resolv.conf along with the first one, and so on. Depending on the network, this can cause DNS leaks, name resolution failures, or other misbehavior. To be sure this wasn't some kind of user configuration issue, I reproduced this on the artful daily live image (artful-desktop- amd64.iso, 2017-08-27), from which I'm writing this report. ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: network-manager 1.8.2-1ubuntu3 ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5 Uname: Linux 4.12.0-11-generic x86_64 ApportVersion: 2.20.6-0ubuntu7 Architecture: amd64 CasperVersion: 1.384 CurrentDesktop: ubuntu:GNOME Date: Mon Aug 28 10:34:22 2017 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IpRoute: default via 172.20.20.1 dev wlp3s0 proto static metric 600 169.254.0.0/16 dev wlp3s0 scope link metric 1000 172.20.20.0/24 dev wlp3s0 proto kernel scope link src 172.20.20.20 metric 600 LiveMediaBuild: Ubuntu 17.10 "Artful Aardvark" - Alpha amd64 (20170827) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-dev: DEVICE TYPE STATEDBUS-PATH CONNECTION CON-UUID CON-PATH wlp3s0 wifi connected/org/freedesktop/NetworkManager/Devices/3 xfinitywifi 39ffbbfc-1c1e-41c9-b3eb-c513065c3ea6 /org/freedesktop/NetworkManager/ActiveConnection/2 enp0s31f6 ethernet unavailable /org/freedesktop/NetworkManager/Devices/2 -- ---- lo loopback unmanaged/org/freedesktop/NetworkManager/Devices/1 -- ---- nmcli-nm: RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN running 1.8.2connected started full enabled enabled enabled enabled enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1713457/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1731130] Re: /run/resolvconf/resolv.conf contains invalid 'search' entries
*** This bug is a duplicate of bug 1713457 *** https://bugs.launchpad.net/bugs/1713457 Hi—yes, it seems so. Sorry that I didn't search hard enough before reporting a duplicate! ** This bug has been marked a duplicate of bug 1713457 DNS search domain not removed from resolv.conf on disconnect -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to resolvconf in Ubuntu. https://bugs.launchpad.net/bugs/1731130 Title: /run/resolvconf/resolv.conf contains invalid 'search' entries Status in resolvconf package in Ubuntu: Incomplete Bug description: STEPS TO REPRODUCE: I connect to certain MIT networks via both wired and wireless connections. Afterwards, I connect to a home network. EXPECTED: Domains like http://web.mit.edu resolve. OBSERVED: They don't. The file /run/resolvconf/resolv.conf contains only these lines: nameserver 127.0.0.53 search mit.edu hsd1.ma.comcast.net It would seem hsd1.ma.comcast.net is correct, since that describes my ISP. But the mit.edu is erroneous and prevents applications from correctly resolving mit.edu domains. If I manually edit this file and remove "mit.edu" from the search line, the domains then resolve correctly. Shouldn't this be removed automatically? ~$ lsb_release -rd && apt-cache policy resolvconf Description:Ubuntu 17.10 Release:17.10 resolvconf: Installed: 1.79ubuntu8 Candidate: 1.79ubuntu8 Version table: *** 1.79ubuntu8 500 500 http://us.archive.ubuntu.com/ubuntu artful/universe amd64 Packages 500 http://us.archive.ubuntu.com/ubuntu artful/universe i386 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: resolvconf 1.79ubuntu8 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Thu Nov 9 00:34:20 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-10-11 (28 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: resolvconf UpgradeStatus: Upgraded to artful on 2017-10-19 (20 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1731130/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1731130] [NEW] /run/resolvconf/resolv.conf contains invalid 'search' entries
Public bug reported: STEPS TO REPRODUCE: I connect to certain MIT networks via both wired and wireless connections. Afterwards, I connect to a home network. EXPECTED: Domains like http://web.mit.edu resolve. OBSERVED: They don't. The file /run/resolvconf/resolv.conf contains only these lines: nameserver 127.0.0.53 search mit.edu hsd1.ma.comcast.net It would seem hsd1.ma.comcast.net is correct, since that describes my ISP. But the mit.edu is erroneous and prevents applications from correctly resolving mit.edu domains. If I manually edit this file and remove "mit.edu" from the search line, the domains then resolve correctly. Shouldn't this be removed automatically? ~$ lsb_release -rd && apt-cache policy resolvconf Description:Ubuntu 17.10 Release:17.10 resolvconf: Installed: 1.79ubuntu8 Candidate: 1.79ubuntu8 Version table: *** 1.79ubuntu8 500 500 http://us.archive.ubuntu.com/ubuntu artful/universe amd64 Packages 500 http://us.archive.ubuntu.com/ubuntu artful/universe i386 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: resolvconf 1.79ubuntu8 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Thu Nov 9 00:34:20 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-10-11 (28 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: resolvconf UpgradeStatus: Upgraded to artful on 2017-10-19 (20 days ago) ** Affects: resolvconf (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug artful wayland-session -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to resolvconf in Ubuntu. https://bugs.launchpad.net/bugs/1731130 Title: /run/resolvconf/resolv.conf contains invalid 'search' entries Status in resolvconf package in Ubuntu: New Bug description: STEPS TO REPRODUCE: I connect to certain MIT networks via both wired and wireless connections. Afterwards, I connect to a home network. EXPECTED: Domains like http://web.mit.edu resolve. OBSERVED: They don't. The file /run/resolvconf/resolv.conf contains only these lines: nameserver 127.0.0.53 search mit.edu hsd1.ma.comcast.net It would seem hsd1.ma.comcast.net is correct, since that describes my ISP. But the mit.edu is erroneous and prevents applications from correctly resolving mit.edu domains. If I manually edit this file and remove "mit.edu" from the search line, the domains then resolve correctly. Shouldn't this be removed automatically? ~$ lsb_release -rd && apt-cache policy resolvconf Description:Ubuntu 17.10 Release:17.10 resolvconf: Installed: 1.79ubuntu8 Candidate: 1.79ubuntu8 Version table: *** 1.79ubuntu8 500 500 http://us.archive.ubuntu.com/ubuntu artful/universe amd64 Packages 500 http://us.archive.ubuntu.com/ubuntu artful/universe i386 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: resolvconf 1.79ubuntu8 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Thu Nov 9 00:34:20 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-10-11 (28 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: resolvconf UpgradeStatus: Upgraded to artful on 2017-10-19 (20 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1731130/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1730536] [NEW] "Unable to open external link" in evince
Public bug reported: TO REPRODUCE: I attempt to open a URL from a PDF document in Evince. EXPECTED: The browser opens the URL. OBSERVED: I'm shown an error message: Unable to open external link Failed to execute child process “/usr/bin/google-chrome-unstable” (Permission denied) journalctl shows: Nov 06 19:19:18 khaeru-laptop audit[22110]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Nov 06 19:19:18 khaeru-laptop kernel: audit: type=1400 audit(1510013958.773:590): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 EXTRA INFORMATION: - As the messages imply, I'm using Google Chrome "unstable". - The file /usr/bin/google-chrome-unstable …is symlinked to: /opt/google/chrome-unstable/google-chrome-unstable - I note that previous bugs, eg. bug #964510, resulted in lines being added to /etc/apparmor.d/abstractions/ubuntu-helpers that refer to paths in /opt/google/chrome/. This directory does not exist on my system. $ lsb_release -rd && apt-cache policy apparmor evince google-chrome-unstable Description:Ubuntu 17.10 Release:17.10 apparmor: Installed: 2.11.0-2ubuntu17 Candidate: 2.11.0-2ubuntu17 Version table: *** 2.11.0-2ubuntu17 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 100 /var/lib/dpkg/status evince: Installed: 3.26.0-1 Candidate: 3.26.0-1 Version table: *** 3.26.0-1 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 100 /var/lib/dpkg/status google-chrome-unstable: Installed: 64.0.3251.0-1 Candidate: 64.0.3253.3-1 Version table: 64.0.3253.3-1 500 500 http://dl.google.com/linux/chrome/deb stable/main amd64 Packages *** 64.0.3251.0-1 100 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 17.10 Package: apparmor 2.11.0-2ubuntu17 ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4 Uname: Linux 4.13.0-16-generic x86_64 ApportVersion: 2.20.7-0ubuntu3.1 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Nov 6 19:20:34 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-10-11 (26 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.13.0-16-generic.efi.signed root=UUID=39ca3c53-0313-4699-a5da-403522e2ff14 ro quiet splash vt.handoff=7 SourcePackage: apparmor Syslog: UpgradeStatus: Upgraded to artful on 2017-10-19 (18 days ago) ** Affects: apparmor (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug artful wayland-session -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1730536 Title: "Unable to open external link" in evince Status in apparmor package in Ubuntu: New Bug description: TO REPRODUCE: I attempt to open a URL from a PDF document in Evince. EXPECTED: The browser opens the URL. OBSERVED: I'm shown an error message: Unable to open external link Failed to execute child process “/usr/bin/google-chrome-unstable” (Permission denied) journalctl shows: Nov 06 19:19:18 khaeru-laptop audit[22110]: AVC apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 Nov 06 19:19:18 khaeru-laptop kernel: audit: type=1400 audit(1510013958.773:590): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/opt/google/chrome-unstable/google-chrome-unstable" pid=22110 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 EXTRA INFORMATION: - As the messages imply, I'm using Google Chrome "unstable". - The file /usr/bin/google-chrome-unstable …is symlinked to: /opt/google/chrome-unstable/google-chrome-unstable - I note that previous bugs, eg. bug #964510, resulted in lines being added to /etc/apparmor.d/abstractions/ubuntu-helpers that refer to paths in /opt/google/chrome/. This directory does not exist on my system. $ lsb_release -rd && apt-cache policy apparmor evince google-chrome-unstable Description:Ubuntu 17.10 Release:17.10 apparmor: Installed: 2.11.0-2ubuntu17 Candidate: 2.11.0-2ubuntu17 Version table: *** 2.11.0-2ubuntu17 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 100 /var/lib/dpkg/status evince: Installed: 3.26.0-1 Candidate: 3.26.0-1 Version table: *** 3.26.0-1 500 500 http://us.archive.ubuntu.com/ubuntu artful/main amd64 Packages 10
[Touch-packages] [Bug 1682499] Re: disable dnssec
Bug #1650877 and the others linked there (see comment #7) appear to be duplicates. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1682499 Title: disable dnssec Status in systemd package in Ubuntu: Fix Committed Status in systemd source package in Zesty: Fix Committed Bug description: [Impact] * dnssec functionality in systemd-resolved prevents network access in certain intra and extra net cases, due to failure to correctly validate dnssec entries. As a work-around we should disable dnssec by default. [Test Case] * Validate systemd-resolved is compiled with --with-default-dnssec=no * Validate that systemd-resolve --status says that DNSSEC setting is no $ systemd-resolve --status good output: ... DNSSEC setting: no DNSSEC supported: no ... bad output: ... DNSSEC setting: allow-downgrade DNSSEC supported: yes ... [Regression Potential] * People who expect DNSSEC to be available by default will need to re-enable it by modifying systemd-resolve configuration file [Other Info] * See duplicate bugs and other bug reports in systemd for scenarios of DNS resolution failures when DNSSEC is enabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1650877] Re: systemd-resolved: resolve call failed: DNSSEC validation failed: failed-auxiliary
I think this is a consequence of https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1682499 — if so, please mark (also those others listed in #7) as duplicate. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1650877 Title: systemd-resolved: resolve call failed: DNSSEC validation failed: failed-auxiliary Status in systemd package in Ubuntu: Confirmed Bug description: After I boot Ubuntu 17.04 "Zesty Zapus" (dev) $ systemd-resolve www.facebook.com www.facebook.com: resolve call failed: DNSSEC validation failed: failed-auxiliary But after I have started Mozilla Firefox, and I try again it correctly resolves. $ systemd-resolve www.facebook.com www.facebook.com: 31.13.72.36 (star-mini.c10r.facebook.com) -- Information acquired via protocol DNS in 3.6ms. -- Data is authenticated: no This does not only apply to the above mentioned www.facebook.com domain. This seems to be related to a GitHub issue: https://github.com/systemd/systemd/issues/4003 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1650877/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
